Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount

from [David Brodbeck] Network Security [Permanent Link]
Subject: RE: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes
Date: Mon, 27 Sep 2004 10:01:14 -0400 
-----Original Message-----
From: Claudius Li [mailto:aprentic@sectae.net]



So my question is, given that this seems to be a solved 
problem why is there so much debate on finding the solution? 
Surely I am missing something obvious.


You're missing the social dynamics around it.  There are several parties
involved:

- State officials who actually pick the voting equipment.  They generally
are politicians, with a background in law or business.  They don't
understand the complicated technical issues behind electronic voting.

- Companies who build the voting equipment.  Their motive is profit.  They
want to get a marketable product out quickly and cheaply.  They perceive
(correctly) that the audience they're selling to does not understand or care
about complicated security issues, and can be easily impressed by trivial
but sophisticated-looking features.

- The public.  They don't understand these issues either, and they have a
short attention span.

- The news media.  They don't push security issues because they lack good
visuals and don't fit into a 15-second news spot.  Anything longer and
they'll lose their audience (see above.)

- Computer scientists and voting activists.  They *do* understand the
issues, but are unable to explain them in a way the news media, the public,
and state officials find compelling and understandable.  The companies who
build the equipment can easily label them as alarmists or conspiracy
theorists.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP, Hidenobu Seki
Next by Date:  Re: Microsoft's GDI Detetection Tool faults, albatross
Previous by Thread:  MDKSA-2004:011-1 - Updated NetPBM packages fix a number of temporary file bugs., Mandrake Linux Security Team
Next by Thread:  Re: Diebold Global Election Management System (GEMS) Backdoor Acc ount Allows Authenticated Users to Modify Votes, Adam Jacob Muller
Indexes:  [Date] [Thread] [Top] [All Lists]